Can Cookies Be Set Across Domains?

Setting Cookies Across Domains

Consider the following scenario: You have a website at a.com where you load a specific page, say a.com/link, which prompts a cookie to be set for b.com. Upon setting the cookie on a.com/link, you redirect the user to b.com.

However, experiments show that although the browser will receive the cookie sent by a.com/link, it will not send the cookie to b.com on the redirect request. Is this normal?

Is it possible to set cross-domain cookies?

The answer is no. Allowing cookies to be set across domains creates a significant security vulnerability.

Therefore, b.com is responsible for setting the cookie. If a.com redirects the user to b.com/setcookie.php?c=value, then the setcookie script can contain the following to set the cookie and redirect the user to the correct page on b.com:

<?php
    setcookie('a', $_GET['c']);
    header("Location: b.com/landingpage.php");
?>

The above is the detailed content of Can Cookies Be Set Across Domains?. For more information, please follow other related articles on the PHP Chinese website!